6.1 About Post-Processing

During post-processing of ingested data, TBAML prepares the detection results for presentation to users. Preparation of the results depends upon the following processes:

• Match Scoring: Computes a ranking for scenario matches indicating a degree of risk associated with the detected event or behavior (Refer to Match Scoring for more information).
• Alert Creation: Packages the scenario matches as units of work (that is, events), potentially grouping similar matches together, for disposition by end users (Refer to Alert Creation for more information).
• Alert Scoring: Ranks the events (including each match within the events) to indicate the degree of risk associated with the detected event or behavior (Refer to Alert Scoring for more information).
• Highlight Generation: Generates highlights for events that appear in the event list in the Behavior Detection subsystem and stores them in the database (Refer to Highlight Generation for more information).
• Historical Data Copy: Identifies the records against which the current batch’s scenario runs generated events and copies them to archive tables (Refer to Historical Data Copy for more information).

  Note:

  You can re-run any failed post-processing job.